Kevin Falcone wrote: > On Thu, Jul 08, 2010 at 11:50:45AM -0700, Kenneth Crocker wrote: >> I noticed that the info for LDAP when using ExternalAuth mentions that >> you MUST have a d >> filter defined. >> >> My quick question is why? If my regular filter is working, anyone not >> meeting that >> specification will be denied anyway, so why the must for the d filter?
It's just part of the way it's designed and the way LDAP filters are generated. It's not brilliant, but it works well. > If you don't need it, make it the empty string > > -kevin Have you tested that? I haven't checked within living memory, but my general recommendation is to use something like (objectClass=ScoobyDoo) so you guarantee not to match. I'm not sure than an empty string won't cause a syntax failure on lookup. -- Kind Regards, __________________________________________________ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __________________________________________________ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com